[762] in Kerberos-V5-bugs
Syslog Login records added to K5.4.2 telnetd
daemon@ATHENA.MIT.EDU (Joe Ramus)
Fri Sep 16 23:23:32 1994
Date: Fri, 16 Sep 94 20:22:41 PDT
From: ramus@nersc.gov (Joe Ramus)
To: krb5-bugs@MIT.EDU, auth-pilot@es.net
I noted that telnetd in Kerberos 5 Beta 4.2 did not have a syslog
call to record every login attempt. Such a feature is present in
rlogind. Here are the patches to add the feature to telnetd.
I placed all of the code under #ifdef LOG_ALL_LOGINS
which is the way it is done in rlogind.
If anyone wants the complete files rather than the diffs, I can send
them in shar format.
----------------------------------------------------------------
| Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
----------------------------------------------------------------
--------------------- CUT ---------------------------------------------
*** src/appl/telnet/telnetd/Makefile.in Thu Aug 18 12:49:50 1994
--- sun4/appl/telnet/telnetd/Makefile.in Wed Sep 14 21:12:44 1994
***************
*** 20,26 ****
# @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
#
! AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
--- 20,26 ----
# @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
#
! AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN -DLOG_ALL_LOGINS
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
*** src/appl/telnet/telnetd/sys_term.c Thu Aug 18 12:49:55 1994
--- sun4/appl/telnet/telnetd/sys_term.c Fri Sep 16 19:17:46 1994
***************
*** 1523,1528 ****
--- 1523,1533 ----
char *term;
char termbuf[64];
#endif
+ #ifdef LOG_ALL_LOGINS
+ char *if_authenticated = "Not authenticated";
+ char *username_is;
+ char *usernm;
+ #endif
#ifdef UTMPX
/*
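Review bot: `usernm` is declared here without an initializer, yet the last hunk calls `free(usernm)` unconditionally just before `execv`. On every path that does not pass through the `getenv("USER")` branch (the Kerberos-authenticated branches, or USER unset) that frees an indeterminate pointer, which is undefined behaviour and in practice heap corruption or a crash in the child that is about to exec login. Declare it as `char *usernm = NULL;` so the later `free` is a no-op when nothing was allocated. The enclosing function starts and ends outside this hunk.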
***************
*** 1543,1548 ****
--- 1548,1560 ----
fatal(net, "makeutx failed");
#endif
+ #ifdef LOG_ALL_LOGINS
+ if (name && *name)
+ username_is = name;
+ else
+ username_is = "unknown";
+ #endif
+
/*
* -h : pass on name of host.
* WARNING: -h is accepted by login if and only if
***************
*** 1604,1609 ****
--- 1616,1624 ----
#endif
#if defined (AUTHENTICATION)
if (auth_level >= 0 && autologin == AUTH_VALID) {
+ #ifdef LOG_ALL_LOGINS
+ if_authenticated = "Kerberos Authenticated";
+ #endif
# if !defined(NO_LOGIN_F)
#if defined(LOGIN_CAP_F)
argv = addarg(argv, "-F");
***************
*** 1611,1616 ****
--- 1626,1634 ----
argv = addarg(argv, "-f");
#endif
argv = addarg(argv, name);
+ #ifdef LOG_ALL_LOGINS
+ username_is = name;
+ #endif
# else
# if defined(LOGIN_R)
/*
***************
*** 1683,1688 ****
--- 1701,1709 ----
}
# else
argv = addarg(argv, name);
+ #ifdef LOG_ALL_LOGINS
+ username_is = name;
+ #endif
# endif
# endif
} else
***************
*** 1689,1694 ****
--- 1710,1720 ----
#endif
if (getenv("USER")) {
argv = addarg(argv, getenv("USER"));
+ #ifdef LOG_ALL_LOGINS
+ usernm = (char *) malloc(300);
+ strcpy(usernm, getenv("USER") );
+ username_is = usernm;
+ #endif
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{
register char **cpp;
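Review bot: The added `strcpy(usernm, getenv("USER"))` copies an environment string of unbounded length into a fixed 300-byte allocation, and the `malloc` result is never checked for NULL. In telnetd the USER variable can presumably be set by the remote client through the telnet environment option before any authentication has happened, so this should be treated as a remotely reachable heap overflow until shown otherwise. Size the copy from the input and tolerate allocation failure: `usernm = strdup(getenv("USER"));` followed by `if (usernm) username_is = usernm;` (or `malloc(strlen(...) + 1)` on platforms without strdup), which leaves `username_is` at its earlier value when the copy fails. The `if (getenv("USER"))` block continues past the end of this hunk.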
***************
*** 1711,1716 ****
--- 1737,1748 ----
#if defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
if (pty > 2)
close(pty);
+ #endif
+ #ifdef LOG_ALL_LOGINS
+ /* Log data about each login attempt */
+ syslog(LOG_NOTICE, "LOGIN: %s, User %s From %s \n",
+ if_authenticated, username_is, host );
+ free(usernm);
#endif
closelog();
execv(LOGIN_PROGRAM, argv);
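Review bot: `username_is` and `host` are passed to the `syslog` call as plain `%s` with no length bound or character filtering, and on the unauthenticated path the name is whatever the USER environment variable holds. On syslog daemons that do not escape control characters, a name containing newlines can split or forge entries in the audit record this patch exists to create. Copy the fields into a small fixed buffer with non-printable bytes replaced before logging and bound them in the format, e.g. `"LOGIN: %s, User %.64s From %.128s"`; the trailing ` \n` can go, since syslog terminates each record itself. Because the record is written before login has checked any password, a tag such as `LOGIN ATTEMPT` would keep "Not authenticated" entries from being read as successful logins.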